Stuck in the Middle
         February 2009

          Jason Healey
  Cyber Conflict Studies Association
          Cybercon...
Page 2

    About Cyber Conflict Studies Association

                        Goal: begin a cross-discipline study of
    ...
Page 3

Agenda




          • Why “Stuck in the Middle”
            • How can it happen?
         • How can you see it co...
Page 4

 Why “Stuck in the Middle” ?

• We are all defending our own corners of cyberspace
   – But could be stuck in some...
Page 5

    “Hactivists,” “Patriotic Hackers” and the Big Boys

• Relation of physical and cyber troubles
     –   Easier ...
Page 6

 You may be targeted because of

• Bum luck
  – “Kosovo is Serbia” in 2000
  – Caught in the middle: Manchester Un...
Page 7

 Secondary and Tertiary Targeting

• "If you support or raise funds for any company
  connected with Huntingdon Li...
Page 8

 You may be targeted because of

• A group you are associated with?
  – Caught in the middle? AIPAC

• Choices of ...
Page 9

 You may be targeted because of

  "KFC's license is from America, an important Israeli ally. In consuming US prod...
Page 10

 You may be targeted because of

• A real, no-kidding war

  – How could this happen here?

  – Unless you can ma...
Page 11

 This region is hactivist central

• Long history of patriotic hacking in Asia
   –   India  Pakistan
   –   Chin...
Page 12

 How to see it coming

• Rule #1: Cyber follows, never precedes the
  physical

• Rarely ever broken (so far)

• ...
Page 13

 How to see it coming

• Are you involved in an area likely to draw activists:
   –   Israel/Palestine
   –   Chi...
Page 14

      How to see it coming

  • Your indicators, rate them 1 to 5
  • As these get checked off, consider yourself...
Page 15

 What to do if you’re targeted?

• What to do if you’re a target depends on which category
  you fall in to
   – ...
Page 16

The Sleep Deprivers


             • The old big things:
                      – Olympics
                       ...
Upcoming SlideShare
Loading in …5
×

Cyber Conflict

707 views
616 views

Published on

Published in: Business, News & Politics
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
707
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Cyber Conflict

  1. 1. Stuck in the Middle February 2009 Jason Healey Cyber Conflict Studies Association Cyberconflict.org Yes I'm stuck in the middle with you, And I'm wondering what it is I should do, It's so hard to keep this smile from my face, Losing control, yeah, I'm all over the place, Clowns to the left of me, Jokers to the right, Here I am, stuck in the middle with you. From “Stuck in the Middle” Stealers Wheel, 1972
  2. 2. Page 2 About Cyber Conflict Studies Association Goal: begin a cross-discipline study of implications of strategic conflict in cyberspace • Symposium at Georgetown University last February: Can a cyber conflict be deterred? Lessons from Estonia • Previous symposia have been on law and cyber conflict, attribution of attacks, arms control, and visualization of cyber conflict, and deterrence of cyber conflict • Online “Journal of Cyber Conflict Studies” • Membership from government, academia, industry. Includes James Mulvenon, Paul Kurtz, Greg Rattray, Dorothy Denning, others • Sponsored by Norwich University
  3. 3. Page 3 Agenda • Why “Stuck in the Middle” • How can it happen? • How can you see it coming? • What can you do? • The Sleep Deprivers…
  4. 4. Page 4 Why “Stuck in the Middle” ? • We are all defending our own corners of cyberspace – But could be stuck in something larger • Can be caught because of a protest – World Economic Forum in 2002 • Or as part of a war – No, of course it won’t happen – But what will you do when it does?
  5. 5. Page 5 “Hactivists,” “Patriotic Hackers” and the Big Boys • Relation of physical and cyber troubles – Easier to cross borders with your protest in cyberspace – Less likely to be caught – Easy to organize – Anonymity means increased chances of bad behavior • Why did “Hacking = art” • Who started “patriotic hacking”? • Who is meanest? • What nations are best at harnessing it? • None of this is “cyberterror”
  6. 6. Page 6 You may be targeted because of • Bum luck – “Kosovo is Serbia” in 2000 – Caught in the middle: Manchester United, Adidas, viagra.com, jamesbond.com • The sector you are part of? – Caught in the middle: Finance, firebombings and beagles Secondary and tertiary targeting Are they just random hackers, or are they organized? Is another company behind it? Is another nation behind it?
  7. 7. Page 7 Secondary and Tertiary Targeting • "If you support or raise funds for any company connected with Huntingdon Life Sciences we will track you down, come for you and destroy your property with fire.“ – Animal Liberation Front (source: wikipedia, accessed 7 November 2008) • The physical dimension – Yacht club – Protests at insurers, shareholders, market makers – Executives targeted, attacked, property firebombed • The cyber dimension: – Email and DoS campaigns – Skip’s neighbors
  8. 8. Page 8 You may be targeted because of • A group you are associated with? – Caught in the middle? AIPAC • Choices of your company? – Caught in the middle? Carrefour Are they just random hackers, or are they organized? Is another company behind it? Is another nation behind it?
  9. 9. Page 9 You may be targeted because of "KFC's license is from America, an important Israeli ally. In consuming US products, it means that we give financial contributions to Israel's military strikes on the Palestinian people" Indonesian protest coordinator, January 2009 (Source: Hill and Associates from AFP, CAN, Viva News) • Perceived actions of your country? – Serbia, EP-3. Caught in the middle? The poorly protected… – Japan in 2001: history books from South Korea, visit to Yasukuni Caught in the middle? The poorly protected… – Who moved my statue? Caught in the middle? The whole online country Are they just random hackers, or are they organized? Is another company behind it? Is another nation behind it?
  10. 10. Page 10 You may be targeted because of • A real, no-kidding war – How could this happen here? – Unless you can make hard, unpalatable choices you may be in the middle Are they just random hackers, or are they organized? Is another company behind it? Is another nation behind it?
  11. 11. Page 11 This region is hactivist central • Long history of patriotic hacking in Asia – India Pakistan – China Taiwan – China Japan – South Korea Japan – China United States – China Olympic, Tibet protesters • The “China Ceiling”
  12. 12. Page 12 How to see it coming • Rule #1: Cyber follows, never precedes the physical • Rarely ever broken (so far) • You should find traces of this online with a good search process
  13. 13. Page 13 How to see it coming • Are you involved in an area likely to draw activists: – Israel/Palestine – China/Tibet and China/Taiwan – Russia/Baltics, Russia/Georgia – Serbia – Olympics – Environmental – Finance and globalization • Play “what if” on your CSR and business decisions • Develop your indicators
  14. 14. Page 14 How to see it coming • Your indicators, rate them 1 to 5 • As these get checked off, consider yourself warned. Attacks are getting closer: • Are activists mentioning our company or related topics? • Are there physical protests affecting our sector or related businesses? Increasing specificity and • For example, other companies in the same likelihood of line, other globalizing firms, or other Olympic you’re being attacked sponsors • Are there cyber protest attacks related to our business? • Are there cyber protest attacks against our sector? • Are there physical protests against our company? • Are we being specifically mentioned for cyber
  15. 15. Page 15 What to do if you’re targeted? • What to do if you’re a target depends on which category you fall in to – Bum-luck attacks are best for you as neither sophisticated nor persistent – Sector attacks will keep coming back But will hit your competitors too, ha ha – Company-specific attacks may be short, but very intense In rare cases (n=1?) they will be with you forever Country-specific may also be short, but has the worst consequences Are your standard defenses good enough? – WEF attacks of 2002
  16. 16. Page 16 The Sleep Deprivers • The old big things: – Olympics – Taiwan • The new big things: – Russia? – Collapsing Economies – Food?

×